Overview. Disasters are happening more frequently and Recovery is taking on a different perspective.

Similar documents
Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International

Sponsor Site Questionnaire FAQs Regarding Maestro Care

Disaster Recovery and Business Continuity Plan

MARQUIS DISASTER RECOVERY PLAN (DRP)

Business Continuity Planning (800)

Overview of how to test a. Business Continuity Plan

Welcome Computer System Validation Training Delivered to FDA. ISPE Boston Area Chapter February 20, 2014

Computerized System Audits In A GCP Pharmaceutical Laboratory Environment

Ohio Conference for Payroll Professionals Disaster Recovery

Nova Southeastern University Standard Operating Procedure for GCP. Title: Electronic Source Documents for Clinical Research Study Version # 1

Guidance for Industry Computerized Systems Used in Clinical Investigations

Checklist For Business Recovery

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

U. S. Department of Energy Consolidated Audit Program Checklist 5 Laboratory Information Management Systems Electronic Data Management

SECTION 15 INFORMATION TECHNOLOGY

Services Providers. Ivan Soto

MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015

SAMPLE IT CONTINGENCY PLAN FORMAT

OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT

Testing Automated Manufacturing Processes

15 Organisation/ICT/02/01/15 Back- up

MHRA GMP Data Integrity Definitions and Guidance for Industry March 2015

Software Verification and Validation

Disaster Recovery Plan Documentation for Agencies Instructions

San Francisco Chapter. Information Systems Operations

Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 SP1

A Best Practices Point of View from. Data Backup and Disaster Recovery Planning

International GMP Requirements for Quality Control Laboratories and Recomendations for Implementation

Disaster Recovery Business Continuity Premium Edition

Identify and Protect Your Vital Records

Business Continuity Planning Preparing Your Organization

CISM Certified Information Security Manager

Domain 1 The Process of Auditing Information Systems

Technology Recovery Plan Instructions

Data Management and Good Clinical Practice Patrick Murphy, Research Informatics, Family Health International

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

From paper to electronic data

COMMERCIALISM INTEGRITY STEWARDSHIP. Back-up Policy & Guidance

D2-02_01 Disaster Recovery in the modern EPU

Developing a Business Continuity Plan... More Than Disaster

Disaster Recovery. Hendry Taylor Tayori Limited

INFORMATION TECHNOLOGY CONTROLS

Disaster Recovery Plan (Business Continuity) Template

DRAFT Disaster Recovery Policy Template

Business Continuity Planning in IT

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS

Business Continuity and Capacity Building

Virginia Commonwealth University School of Medicine Information Security Standard

FDA Software Validation-Answers to the Top Five Software Validation Questions

Domain 3 Business Continuity and Disaster Recovery Planning

Disaster Recovery Planning Process

DoDI IA Control Checklist - MAC 2-Sensitive. Version 1, Release March 2008

Office of Inspector General

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Considerations When Validating Your Analyst Software Per GAMP 5

PERFORMANCE EVALUATION AUDIT CHECKLIST EXAMPLE. EIIP Volume VI

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

A CALL TO CONTENTS OFF-SITE RECORDS STORAGE: CONSIDERATIONS AND SELECTION CRITERIA

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

GOOD LABORATORY PRACTICE (GLP) GUIDELINES FOR THE VALIDATION OF COMPUTERISED SYSTEMS. Working Group on Information Technology (AGIT)

Planning for a Disaster Using Tivoli Storage Manager. Laura G. Buckley Storage Solutions Specialists, Inc.

CENTER FOR NUCLEAR WASTE REGULATORY ANALYSES

Creating a Business Continuity Plan. What We ll Cover... What is a BCP? Micky Hogue, CRM

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

Back to index of articles. Qualification of Computer Networks and Infrastructure

21 CFR Part 11 Electronic Records & Signatures

Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 Course 10165; 5 Days, Instructor-led

STANDARD OPERATING PROCEDURE FOR DATA RETENTION

ROADMAP TO DEFINE A BACKUP STRATEGY FOR SAP APPLICATIONS Helps you to analyze and define a robust backup strategy

I.T. Disaster Recovery Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Computerised Systems. Seeing the Wood from the Trees

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

How To Manage Cloud Data Safely

OMCL Network of the Council of Europe QUALITY ASSURANCE DOCUMENT

Introduction to Cloud Computing What is SaaS? Conventional vs. SaaS Methodologies Validation Requirements Change Management Q&A

IT SERVICE CONTINUITY AS RELATED TO THE MANAGEMENT OF ELECTRONIC RECORDS POLICY

Table of Contents... 1

Overview of Business Continuity Planning Sally Meglathery Payoff

July 12, 2013 Page 1 of 5 BellHawk Systems Corporation

Information Security Policies. Version 6.1

Good Clinical Laboratory Practice (GCLP) An international quality system for laboratories which undertake the analysis of samples from clinical trials

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

DAIDS Appendix 2 No.: DWD-POL-DM-01.00A2. Data Management Requirements for Central Data Management Facilities

Empower TM 2 Software

Emergency Operations California State University Los Angeles

April promoting efficient & effective local government

Transcription:

Overview Disasters are happening more frequently and Recovery is taking on a different perspective. Defining a Disaster/Disaster Recovery Basic requirements in preparing for a disaster The role of Quality Assurance in Disaster Recovery preparedness. Identifying areas of concern in a GLP regulated environment

Regulatory Compliance Scope Good Laboratory Practices (GLPs) 21 CFR Part 58 Non-clinical laboratory studies 21 CFR Part 11 Electronic Records and Signatures

Regulatory Expectation Role of Quality Assurance Data integrity - Assurance that data is consistent and correct Restorable Accessible Intact Reconstructable

What is a Disaster?? A disaster is the tragedy of a natural or human-made hazard (a hazard is a situation which poses a level of threat to life, health, property, or environment) that negatively affects society or environment. en.wikipedia.org/wiki/disasters

Disasters Disasters of Today Large scale Small scale Local Global Know what kinds of emergencies might affect your company both internally and externally

What is Disaster Recovery?? Disaster Recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. http://en.wikipedia.org/wiki/disaster_recovery_plan

What to Do? What will you do if your office building, plant or laboratory is not accessible? Put a plan in motion

Disaster Recovery Plan Disaster Recover Plan (DRP) is a detailed document that provides a roadmap to follow in order to restore (recover) your affected business services. Laboratory Equipment Vivarium facilities IT equipment &/or Infrastructure Network Telecommunications

Disaster Recovery Planning Components to Consider Establishing a DRP committee Defining what constitutes a Disaster Performing the Recovery Risk Assessment Business Impact Assessment Identifying the types of systems to be recovered Identifying the location of systems to be recovered Determining recovery time targets Using pre-existing processes Defining the process for resuming business processes at the primary site.

Disaster Recovery Plan - Components to Consider DRP committee Business Unit/System Owners such as supervisors, directors, managers, application administrators Information Technology Quality Assurance Unit

Role of Quality Assurance in DRP Advisory Role Identify regulatory requirements Establish quality standards Consultation when preparing necessary documents

Disaster Recovery Plan Development Developmental Stage Components to Consider (not limited to) Personnel Roles & Responsibilities WHO ARE THESE INDIVIDUALS? Instructions for: Recovery Resumption Plan maintenance Approval of Plan

Disaster Recovery Plan Development Role of QA Components to Consider Recovery Ensure regulatory components are met Quality is built in to the Recovery Process Are test scripts written for each affected System? Ensure the robustness of recovery test scripts Ensure adequate documentation Reconstructable events Approval of Plan

Disaster Recovery Plan Testing Testing Stage Components to Consider (not limited to) Checklists Walkthrough Disaster Simulation Testing and verification of technical solutions established for recovery operations Ensure the ability to recover critical data in the event of a Disaster Use of Test Scripts

Disaster Recovery Plan Testing Role of QA Components to Consider Disaster Simulation Ensure SOPs are in place Monitor process as a phase inspection to ensure proper procedures are being performed according to the DRP. Use of Test Scripts

Disaster Recovery Plan Maintenance Maintenance Stage Components to Consider (not limited to) Training Periodic Testing testing and verification of documented recovery procedures. A biannual or annual maintenance cycle is typical

Disaster Recovery Plan Maintenance Role of QA Components to Consider Training Documented evidence 21 CFR Part 58 21 CFR Part 11

Disaster Recovery Plan Maintenance Role of QA Components to Consider Periodic Testing Are recovery & periodic testing procedures being conducted & complied with? Is compliance supported by documented evidence?

What is Event Documentation? Event documentation is the silent GLP requirement because it is nowhere therein mentioned specifically and the reference to it is arcane. Clearly, Section 58.3(k) defines raw data essentially as the first record of an original observation but it was not without intent that the GLP drafters used the more comprehensive term "data" in Section 58.130, Conduct of a nonclinical laboratory study. This distinction was made to recognize the fact that laboratory experimentation results in a number of records that, strictly speaking do not fall under the definition of raw data. P. Lepore

What is Event Documentation? To clarify: this is not RAW DATA but it is DATA and it needs to be maintained in order for study reconstruction Disaster Recovery Event

The 1 st UNWRITTEN LAW IF IT ISN T DOCUMENTED, IT WASN T DONE

Maintaining Compliance During a Disaster Compliance Stage Components to Consider (not limited to) SOPs Post Disaster Operations Lessons Learned Documentation Review

Maintaining Compliance During a Disaster Role of QA Components to Consider SOPs Were DR SOPs followed? Data security Back-up procedures Were the Software Life Cycle processes met Change Control if needed Criteria for assessing the disaster type Criteria for assessing system impact

Maintaining Compliance During a Disaster Role of QA Components to Consider Post Disaster Operations Documentation Review Does the DRP meet the regulatory requirements as appropriate for the business/service/system being restored? Data integrity Did you follow the DRP? Data integrity What software tools, techniques, and/or development methodologies are utilized? Are processes in place to verify how the system can discern invalid/altered records?

Identifying Areas of Concern in a GLP Regulated Environment Were records maintained off-site and subsequently retrieved? Is there a Recovery Co-location site? If so, has a vendor audit been conducted If so, what SOPS or formal procedures do they follow in the event of a Disaster Are all back-up systems identified according to the system configuration logs? What procedures do the Labs use in the event systems even equipment are unavailable? What s the process after the system has been restored

Vendor Assessment Identifying Areas of Concern in a GLP Regulated Environment Off-site archive location (Paper vs Electronic Data Archives) Specialized assay, water analysis, analytical chemistry What are the Disaster Recovery procedures for vendors that provide subcontracted data collection or data record retention? What happens to your data in the event of a Disaster?

Are You Prepared? QA inspections are essential Verify the existence of objective evidence Assess how successfully processes have been implemented Ensure GLP compliance has been maintained Promote continuous improvement

FDA Citation Failure to back-up data with subsequent loss due to hardware failure

Recovery in a different light Customized to fit the specific disaster/disruption Provides evidence that the system is doing what it is supposed to do & will continue to do so in the future

Any Questions? Cynthia L. Smith, RQAP-GLP Quality Specialist III

RESOURCES Emergency Preparedness and Business Continuity Standard (NFPA 1600) developed by the National Fire Protection Association and endorsed by the American National Standards Institute and the Department of Homeland Security. http://en.wikipedia.org/wiki/disaster_recovery_plan http://www.ready.gov/business Red Apple II, 2008 Association of Records Managers and Administrators (ARMA) www.arma.org

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information